Launchpad.net

CVE 2015-5602

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

Related bugs and status

CVE-2015-5602 (Candidate) is related to these bugs:

Bug #1512781: CVE-2015-5602 - Unauthorized Privilege Escalation

		In	Importance	Status
1512781	CVE-2015-5602 - Unauthorized Privilege Escalation	sudo (Ubuntu)	Undecided	Fix Released
1512781	CVE-2015-5602 - Unauthorized Privilege Escalation	sudo (Ubuntu Precise)	Undecided	Won't Fix
1512781	CVE-2015-5602 - Unauthorized Privilege Escalation	sudo (Ubuntu Wily)	Undecided	Confirmed
1512781	CVE-2015-5602 - Unauthorized Privilege Escalation	sudo (Ubuntu Trusty)	Undecided	Confirmed
1512781	CVE-2015-5602 - Unauthorized Privilege Escalation	sudo (Ubuntu Xenial)	Undecided	Fix Released
1512781	CVE-2015-5602 - Unauthorized Privilege Escalation	sudo (Ubuntu Vivid)	Undecided	Confirmed
1512781	CVE-2015-5602 - Unauthorized Privilege Escalation	sudo (Debian)	Unknown	Fix Released
1512781	CVE-2015-5602 - Unauthorized Privilege Escalation	sudo	Unknown	Unknown

Bug #1563825: FFe: Update to sudo 1.8.16

Summary				In	Importance	Status
	1563825	FFe: Update to sudo 1.8.16		sudo (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-5602

Related bugs and status

Related bugs

References